That dreaded logout confirmation...

[el canadiano]

http://www.mk3dsforum.com/forum/

Hey guys,

I've recently manually tried to upgrade my XenForo theme (which, for the record, is a slightly modified version of Flexile) to include the logout button. My other administrator has notified me that there's an infinite Security Error when I try to logout. I suspect that it is my fault and that my edits weren't done properly.

This is my navigation_visitor_tab template. Might I have missed something?

<xen:edithint template="navigation.css" />

<ul class="visitorTabs">

    <xen:hook name="navigation_visitor_tabs_start" />

    <!-- account -->
    <li class="navTab account Popup PopupControl PopupClosed {xen:if $tabs.account.selected, 'selected'}">

        <a href="{xen:link account}" class="navLink accountPopup" rel="Menu"><xen:if is="@showAvatarInUserBar"><img src="{xen:helper avatar, $visitor, s}" class="miniMe" alt="" /></xen:if><strong>{$visitor.username}</strong></a>

        <div class="Menu JsOnly" id="AccountMenu">
            <div class="primaryContent menuHeader">
                <xen:avatar user="$visitor" size="m" class="NoOverlay plainImage" title="{xen:phrase view_your_profile}" />

                <h3><a href="{xen:link members, $visitor}" class="concealed" title="{xen:phrase view_your_profile}">{$visitor.username}</a></h3>

                <xen:if hascontent="true"><div class="muted"><xen:contentcheck>{xen:helper usertitle, $visitor}</xen:contentcheck></div></xen:if>

                <ul class="links">
                    <li class="fl"><a href="{xen:link members, $visitor}">{xen:phrase your_profile_page}</a></li>
                    <!--<li class="fr"><a href="{xen:link logout, '', '_xfToken={$visitor.csrf_token_page}'}" class="LogOut">{xen:phrase log_out}</a></li>-->
                </ul>
            </div>
            <div class="menuColumns secondaryContent">
                <xen:hook name="navigation_visitor_tab_links1">
                <ul class="col1 blockLinksList">
                    <li><a href="{xen:link account/personal-details}">{xen:phrase personal_details}</a></li>
                    <li><a href="{xen:link account/contact-details}">{xen:phrase contact_details}</a></li>
                    <li><a href="{xen:link account/preferences}">{xen:phrase preferences}</a></li>
                    <li><a href="{xen:link account/alert-preferences}">{xen:phrase alert_preferences}</a></li>
                    <li><a href="{xen:link account/privacy}">{xen:phrase privacy}</a></li>
                    <xen:if is="{$canEditSignature}"><li><a href="{xen:link account/signature}">{xen:phrase signature}</a></li></xen:if>
                    <li><a href="{xen:link account/avatar}" class="OverlayTrigger" data-cacheOverlay="true">{xen:phrase avatar}</a></li>
                </ul>
                </xen:hook>
                <xen:hook name="navigation_visitor_tab_links2">
                <ul class="col2 blockLinksList">
                    <li><a href="{xen:link account/news-feed}">{xen:phrase your_news_feed}</a></li>
                    <li><a href="{xen:link account/alerts}">{xen:phrase your_alerts}</a></li>
                    <li><a href="{xen:link watched/threads}">{xen:phrase watched_threads}</a></li>
                    <li><a href="{xen:link account/likes}">{xen:phrase likes_youve_received}</a></li>
                    <li><a href="{xen:link search/member, '', 'user_id={$visitor.user_id}'}">{xen:phrase your_content}</a></li>
                    <li><a href="{xen:link account/following}">{xen:phrase people_you_follow}</a></li>
                    <xen:if is="{$xenCache.userUpgradeCount}"><li><a href="{xen:link account/upgrades}">{xen:phrase account_upgrades}</a></li></xen:if>
                    <xen:if is="{$xenOptions.facebookAppId}"><li><a href="{xen:link account/facebook}">{xen:phrase facebook_integration}</a></li></xen:if>
                </ul>
                </xen:hook>
            </div>
            <div class="menuColumns secondaryContent">
                <ul class="col1 blockLinksList">
                    <li>
                        <form action="{xen:link account/toggle-visibility}" method="post" class="AutoValidator visibilityForm">
                            <label><input type="checkbox" name="visible" value="1" class="SubmitOnChange" {xen:checked $visitor.visible} />
                                {xen:phrase show_online_status}</label>
                            <input type="hidden" name="_xfToken" value="{$visitor.csrf_token_page}" />
                        </form>
                    </li>
                </ul>
                <ul class="col2 blockLinksList">
                    <li><a href="{xen:link logout, '', '_xfToken={$visitor.csrf_token_page}'}" class="LogOut">{xen:phrase log_out}</a></li>
                </ul>
            </div>
            <xen:if is="{$canUpdateStatus}">
                <form action="{xen:link members/post, $visitor}" method="post" class="sectionFooter statusPoster AutoValidator" data-optInOut="OptIn">
                    <textarea name="message" class="textCtrl StatusEditor Elastic" placeholder="{xen:phrase update_your_status}..." rows="1" cols="40" style="height:14px" data-statusEditorCounter="#visMenuSEdCount"></textarea>
                    <div class="submitUnit">
                        <span id="visMenuSEdCount" title="{xen:phrase characters_remaining}"></span>
                        <input type="submit" class="button primary MenuCloser" value="{xen:phrase post}" accesskey="s" />
                        <input type="hidden" name="_xfToken" value="{$visitor.csrf_token_page}" />
                        <input type="hidden" name="return" value="1" />
                    </div>
                </form>
            </xen:if>
        </div>
    </li>

    <!-- secondary nav links went here - moved to user bar -->

    <!-- conversations popup -->
    <li class="navTab inbox Popup PopupControl PopupClosed">

        <a href="{xen:link conversations}" rel="Menu" class="navLink NoPopupGadget">{xen:phrase inbox}
            <xen:if is="{$visitor.conversations_unread}">
                <strong class="itemCount" id="ConversationsMenu_Counter">{xen:number $visitor.conversations_unread}
                    <!-- <span class="arrow"></span> -->
                </strong>
            </xen:if>
        </a>

        <div class="Menu JsOnly navPopup" id="ConversationsMenu"
            data-contentSrc="{xen:link 'conversations/popup'}"
            data-contentDest="#ConversationsMenu .listPlaceholder">

            <div class="menuHeader primaryContent">
                <h3>
                    <span class="Progress InProgress"></span>
                    <a href="{xen:link conversations}" class="concealed">{xen:phrase conversations}</a>
                </h3>
            </div>

            <div class="listPlaceholder"></div>

            <div class="sectionFooter">
                <a href="{xen:link conversations/add}" class="floatLink">{xen:phrase start_new_conversation}</a>
                <a href="{xen:link conversations}">{xen:phrase show_all}...</a>
            </div>
        </div>
    </li>

    <xen:hook name="navigation_visitor_tabs_middle" />

    <!-- alerts popup -->
    <li class="navTab alerts Popup PopupControl PopupClosed">

        <a href="{xen:link account/alerts}" rel="Menu" class="navLink NoPopupGadget">{xen:phrase alerts}
            <xen:if is="{$visitor.alerts_unread}">
                <strong class="itemCount" id="AlertsMenu_Counter">{xen:number $visitor.alerts_unread}
                    <!-- <span class="arrow"></span> -->
                </strong>
            </xen:if>
        </a>

        <div class="Menu JsOnly navPopup" id="AlertsMenu"
            data-contentSrc="{xen:link 'account/alerts-popup'}"
            data-contentDest="#AlertsMenu .listPlaceholder"
            data-removeCounter="#AlertsMenu_Counter">

            <div class="menuHeader primaryContent">
                <h3>
                    <span class="Progress InProgress"></span>
                    <a href="{xen:link account/alerts}" class="concealed">{xen:phrase alerts}</a>
                </h3>
            </div>

            <div class="listPlaceholder"></div>

            <div class="sectionFooter">
                <a href="{xen:link account/alert-preferences}" class="floatLink">{xen:phrase alert_preferences}</a>
                <a href="{xen:link account/alerts}">{xen:phrase show_all}...</a>
            </div>
        </div>
    </li>

    <xen:hook name="navigation_visitor_tabs_end" />

    <li class="navTab PopupClosed"><a href="{xen:link logout}" class="LogOut navLink visitorTabItem OverlayTrigger">{xen:phrase log_out}</a></li>
</ul>

 

[Jake Bunce]

Your template works fine on my forum.

I noticed your overlays aren't working which is exposing a bug with the logout link. I just posted a report:

http://xenforo.com/community/threads/security-token-missing-from-logout.17821/

The question is, why are your overlays not working? Overlays are enabled in your style. I suspect a template problem. Assuming you have isolated the problem to your custom style then you will need to start reverting templates to isolate the problem. I looked at your code and I would start with these templates:

PAGE_CONTAINER
page_container_js_body
page_container_js_head

 

[Fufu]

the new logout confirmation is horrible.

 

[Kier]

the new logout confirmation is horrible.

Thanks for the constructive feedback, would you care to elaborate?

 

[yavuz]

Elephants suck big time

 

[el canadiano]

Your template works fine on my forum.

I noticed your overlays aren't working which is exposing a bug with the logout link. I just posted a report:

http://xenforo.com/community/threads/security-token-missing-from-logout.17821/

The question is, why are your overlays not working? Overlays are enabled in your style. I suspect a template problem. Assuming you have isolated the problem to your custom style then you will need to start reverting templates to isolate the problem. I looked at your code and I would start with these templates:

PAGE_CONTAINER
page_container_js_body
page_container_js_head

I'll look into PAGE_CONTAINER. The other two are at default.

 

[Floris]

the new logout confirmation is horrible.

It's the same overlay as the other overlays in xenforo, ..

 

[Paul B]

the new logout confirmation is horrible.

You can always log out directly, without confirmation, using the link in the drop down menu.

 

[Digital Doctor]

the new logout confirmation is horrible.

The vast majority of people wanted a Logout confirmation.
In mobile skins, people were clicking Alerts, accidentally hitting Logout ... and then the hassle of logging back in is obvious.
Most people never logout the vast majority of the time.
Logging out is fast and painless for me.
Considering everyone's needs I think the current logout confirmation is an improvement.
I myself never log out.

 

[Blue]

The vast majority of people wanted a Logout confirmation.
In mobile skins, people were clicking Alerts, accidentally hitting Logout ... and then the hassle of logging back in is obvious.
Most people never logout the vast majority of the time.
Logging out is fast and painless for me.
Considering everyone's needs I think the current logout confirmation is an improvement.
I myself never log out.

I agree with all of this.

 

[Peggy]

the new logout confirmation is horrible.

If this was meant to be constructive criticism, you failed miserably.

 

[raytrails]

the new logout confirmation is horrible.

Absolutely not, I love it - and its useful all the time for me when I use a smartphone.

 

[Fufu]

Thanks for the constructive feedback, would you care to elaborate?

the new logout is redundant-a simple check to establish whether the end-user is using a mobile device or not, could switch a trigger to determine any redundant actions (confirmations); my previous post was not intended to cause any disturbances.

 

[Panupat]

I read a few posts about people clicking logout by accident too. Makes me think that the confirmation is actually a good thing to have.

 

[Peggy]

I read a few posts about people clicking logout by accident too. Makes me think that the confirmation is actually a good thing to have.

I have many times, and it is.

 

[Onimua]

the new logout is redundant-a simple check to establish whether the end-user is using a mobile device or not, could switch a trigger to determine any redundant actions (confirmations); my previous post was not intended to cause any disturbances.

When the mobile style comes out I think even that wouldn't be needed.

 

[Jeffin]

I think a option to turn it off via admin panel would be a great addition. My board members are not liking it.

 

[jmurrayhead]

I think a option to turn it off via admin panel would be a great addition. My board members are not liking it.

I agree with this. I never log out, so it's not particularly a problem for myself. However, I can see a vast majority of users being annoyed as hell with this. If I actually logged out of sites, I know I would be.

 

[Onimua]

And hovering over your username and clicking "Log Out" is too much of a hassle?

 

[jmurrayhead]

And hovering over your username and clicking "Log Out" is too much of a hassle?

Yes, it is. When people are in a hurry on a public system and they have to make that 9:00 meeting, they are rushing to logout. I would presume that some people are moving so fast that the drop down menu becomes a hassle to them because it's too slow to react. On top of that, their eyes now have to scan for the logout link.

This is also a matter of preference. Just because you want the confirmation doesn't meant I should be forced to use it. It is an annoyance to some people.